diff --git a/docs/2024/ci-scanner/updates/2024-07-18.md b/docs/2024/ci-scanner/updates/2024-07-18.md new file mode 100644 index 000000000..2e2c4409b --- /dev/null +++ b/docs/2024/ci-scanner/updates/2024-07-18.md @@ -0,0 +1,100 @@ +--- +title: Week 7 +author: Rajul Jha +tags: [gsoc24, CI] +--- + + +# Week 7 +*(July, 12 2024 - July 18, 2024)* + +## Meeting 1 +*(July 17, 2024)* + +## Attendees + +* [Rajul Jha](https://github.com/rajuljha) +* [Shaheem Azmal](https://github.com/shaheemazmalmmd) +* [Kaushlendra](https://github.com/Kaushl2208) +* [Avinal Kumar](https://github.com/avinal) + +## Discussions + +* Discussed the work done on the Fossology Github Action [#PR1](https://github.com/fossology/fossology-action/pull/1) with the mentors. +* Discussed some issues that were encountered during the testing of [#PR2784](https://github.com/fossology/fossology/pull/2784) by [Kaushal](https://github.com/Kaushl2208) +* Had a brief discussion on how to improve the examples that are given in the Github workflow file. +* [Shaheem](https://github.com/shaheemazmalmmd) mentioned I should also start working on the documentation part for the Wiki. +* Had a fun discussion about what to name the new repository.😁 + +## Work Done + +* Completed the initial work on Fossology Action repository and sent out a [#PR1](https://github.com/fossology/fossology-action/pull/1) for the same. +* The new Github Action allows the users to scan using the fossology scanners ( `nomos`, `ojo` and `copyright` ) inside their Github Actions workflows in just a few lines of configuration. + +```yaml +name: License scan on PR +on: [pull_request] +jobs: + compliance_check: + runs-on: ubuntu-latest + name: Perform license scan + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: License check + id: compliance + uses: fossology/fossology-action@v1 + with: + scan_mode: '' + scanners: 'nomos ojo' + report_format: 'SPDX_JSON' + +``` + +* User can scan in various scanning modes like `diff`, `repo` and `differential`. +* User can retrieve the scan results report as an artifact in Github Actions in various formats like `SPDX_JSON`, `SPDX_YAML`, `SPDX_RDF` and `SPDX_TAG_VALUE` by passing the format as an input with the action. +* The action also allows the user to pass various custom parameters like passing their own `keyword.conf` or `allowlist.json` file. + +```yaml +scan_mode: + description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans." + required: false + default: "" +scanners: + description: "Space-separated list of scanners to invoke." + required: true + default: "nomos ojo copyright keyword" +report_format: + description: "Report format (SPDX_JSON,SPDX_RDF,SPDX_YAML,SPDX_TAG_VALUE) to print the results in." + required: false + default: "" +keyword_conf_file_path: + description: "Path to custom keyword.conf file. (Use only with keyword scanner set to True)" + required: false + default: "" +allowlist_file_path: + description: "Path to allowlist.json file." + required: false + default: "" +from_tag: + description: "Starting tag to scan from. (Use only with differential mode)" + required: false + default: "" +to_tag: + description: "Ending tag to scan to. (Use only with differential mode)" + required: false + default: "" +``` + +* Fixed some of the bugs in the previous PR's before they were merged. +* Got a review from [Gaurav](https://github.com/GMishx) to reduce code duplication at some places and try to maintain backward compatibility in the code. + +## Planning for next week +* Refactor the code in the previous PR's to reduce code duplication (following the DRY principle) and better function handling. +* Try to complete the line number part for the scanner parts as well. +* Research about the next step for allowing the users to download scanned dependencies.